基于相似度计算的网络攻击分类方法  被引量：2

作　　者：贾志淳[1] 辛民栋 李彦谚 韩秋阳 郑行 邢星[1] JIA Zhichun;XIN Mingdong;LI Yanyan;HAN Qiuyang;ZHENG Hang;XING Xing(College of Information Science and Technology,Bohai University,Jinzhou 121013,China)

机构地区：[1]渤海大学信息科学与技术学院,辽宁锦州121013

出　　处：《渤海大学学报（自然科学版）》2020年第2期169-177,共9页Journal of Bohai University:Natural Science Edition

基　　金：国家自然科学基金项目(No:61603054,No:61972053);辽宁省教育厅科学研究项目(No:LQ2019016,No:LJ2019015);辽宁省自然科学基金项目(No:2019-ZD-0505)。

摘　　要：在当今复杂的网络环境下,各应用服务提供商和企业所开发的软件需要满足大量用户的使用和数据的存储,同时随着基于网络的计算机服务的大量增长和运行在网络系统上的应用程序的大量增加,采用适当的安全措施来保护计算机和网络免受入侵,和对于系统所受到的攻击进行分类始终是应用服务提供商和企业面临着巨大的挑战.近些年来,机器学习技术的兴起,使研究人员将更让多的目光投向了它,建立了能够检测网络流量异常的特征选择的评估与分类器和入侵检测系统(IDS).但是大多数研究工作并没有交叉验证评估结果,存在分类器精度低,范围窄以及无法区分不同类型的攻击的问题.种种事实证明,采取适当的对策和防御是非常重要的.通过建立分类框架,使用公共数据集KDD设计出多级相似度分类模型,告别了单层的分类,采用了多级分类技术对系统所受到的攻击进行分类.该方法根据攻击的属性和相似度,能够快速、准确地对攻击进行分类.实验结果表明,该方法有效,运行快并且精确度高.Nowadays,in the complex network environment,The software that the application service providers(ASPs)and enterprises developed needs to meet the needs of a large number of users and the storage of data,at the same time,with the massive growth of network-based computer services and the proliferation of applications running on network systems,using appropriate security measures to protect computers and networks from intrusions,and the classification of the attacks on systems are the biggest challenges for the application service providers(ASPs)and enterprises.In recent years,the rise of machine learning technology has enabled researchers to pay more attention to it,establishing an evaluation and classifier and intrusion detection system(IDS)that can detect feature selection of network traffic anomalies.But most research work does not crossvalidate the results of the assessment,the classifiers still exist many problems with low precision,narrow range,and inability to distinguish between different types of attacks.All kinds of facts prove that it is very important to take appropriate countermeasures and defenses.By establishing a classification framework,a multi-level similarity classification model is designed using the public dataset KDD,bidding farewell to the single-layer classification,and using multi-level classification techniques to classify the attacks on the system.According to the attributes and similarity of attacks,this method can classify attacks quickly and accurately.The experimental results show that the method is effective,fast and accurate.

关 键 词：攻击类型 多级分类 相似度 KDD数据集 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]